0

Logfile of HijackThis v1.99.1
Scan saved at 1:49:44 PM, on 12/17/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\rndal.exe
F:\ipod\itunes\iTunesHelper.exe
U:\program files\quicktime\qttask.exe
F:\ipod\bin\iPodService.exe
U:\program files\logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
U:\program files\logitech\SetPoint\KEM.exe
U:\program files\logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Aim\aim.exe
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32/left.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xmradio.com/xstream/service/account/index.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINNT\System32\crazytalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\ipod\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "U:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [LDM] U:\program files\logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: InterVideo WinCinema Manager.lnk = InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = U:\program files\logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = U:\program files\logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://www.reallusion.com/Stuff/CrazyTalk.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/29a8ee0cc3a9a3523903/netzip/RdxIE2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.microline.org:8081/activex/AxisCamControl.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/hitthepros03/shockwave/wtinst.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zooville
O17 - HKLM\System\CCS\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: Domain = zooville
O17 - HKLM\System\CCS\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: NameServer = 207.69.188.185,207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zooville
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = zooville,mindspring.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: Domain = zooville
O17 - HKLM\System\CS1\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: NameServer = 207.69.188.185,207.69.188.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zooville
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = zooville,mindspring.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: Domain = zooville
O17 - HKLM\System\CS2\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: NameServer = 207.69.188.185,207.69.188.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = zooville,mindspring.com
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\ipod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

2
Contributors
5
Replies
6
Views
11 Years
Discussion Span
Last Post by DMR
0

You have a few different "unwanted guests" listed in your log. Please do the following:

- Open your Add/Remove Programs control panel and uninstall these programs if they appear in the list of installed programs:

My Way/My Search/My Bar
Wild Tangent
BrowserAid
BrowserPal
CashToolbar
Web Toolbar
iSearch
If you did not knowingly install the "CrazyTalk" program, remove that as well.

You will need to close/quit all web browser programs and disconnect from the Internet for the following, so you should print out these instructions or save them into a text file with Notepad.

1. Download and install these utilities (but do not run scans with them yet):

ewido Security Suite (trial version) - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.

- Open Norton Anti-virus and use its LiveUpdate feature to make sure that you have the most current virus definitions installed. As with the above programs, don't run a scan with it; just close it once it is updated.


3. Download and install the CCleaner utility, but don't run it yet.


4. Run HijackTHis again, put a check mark next to the following entries, and then click the "Fix checked" button. Close HJT once it has finished performing its fixes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32/left.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINNT\System32\crazytalk.dll,DllServeMediaFile
<--if "CrazyTalk" was not intentionally installed
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINNT\uptodate.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/hitt...wave/wtinst.cab

5. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).


6. Run CCleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.


7. Run Norotn, ewido, and MS Antispyware beta consecutively; have the programs fix all malicious items they find.

When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.


8. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- Locate and delete the following files (some of these should already have been deleted by the removal utilities):
C:\WINNT\System32\crazytalk.dll <--if "CrazyTalk" was not intentionally installed
C:\WINNT\uptodate.exe
C:\WINNT\Downloaded Program Files\bridge.dll
C:\WINNT\system32\toolbar.dll

- Delete the following folders entirely if they exist:

C:\Program Files\MyWay
C:\Program Files\WildTangent
C:\WINNT\WT


9. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.

0
Logfile of HijackThis v1.99.1
Scan saved at 9:07:52 AM, on 1/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
U:\program files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
F:\ipod\itunes\iTunesHelper.exe
U:\program files\quicktime\qttask.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
U:\program files\logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
U:\program files\logitech\SetPoint\KEM.exe
U:\program files\logitech\SetPoint\KHALMNPR.EXE
F:\ipod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Aim\aim.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.xmradio.com/xstream/service/account/index.jsp[/url]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - U:\program files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\ipod\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "U:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [LDM] U:\program files\logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: InterVideo WinCinema Manager.lnk = InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = U:\program files\logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = U:\program files\logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O16 - DPF: Yahoo! Pool 2 - [url]http://download.games.yahoo.com/games/clients/y/potb_x.cab[/url]
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - [url]http://www.musicnotes.com/download/mnviewer.cab[/url]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409[/url]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [url]http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - [url]http://207.188.7.150/29a8ee0cc3a9a3523903/netzip/RdxIE2.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url]
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - [url]http://www.microline.org:8081/activex/AxisCamControl.cab[/url]
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - [url]http://webcamnow.com/broadcast/ActiveXWebCam.cab[/url]
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - [url]http://chat.yahoo.com/cab/yvwrctl.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zooville
O17 - HKLM\System\CCS\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: Domain = zooville
O17 - HKLM\System\CCS\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: NameServer = 207.69.188.185,207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zooville
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = zooville,mindspring.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: Domain = zooville
O17 - HKLM\System\CS1\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: NameServer = 207.69.188.185,207.69.188.186
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zooville
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = zooville,mindspring.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: Domain = zooville
O17 - HKLM\System\CS2\Services\Tcpip\..\{06E088B0-49A0-415D-8C6E-35C6E72CBD8C}: NameServer = 207.69.188.185,207.69.188.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = zooville,mindspring.com
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - U:\program files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - U:\program files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\ipod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe








 + Created on:          7:56:17 PM, 1/13/2006
 + Report-Checksum:     A69409DA

 + Scan result:

    HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4438A5DC-E00B-41A0-B0E6-B63FD3B86EEE} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{4767C447-EF15-42F2-8809-68ADB7FA76F1} -> Spyware.NetworkEssentials : Cleaned with backup
    HKLM\SOFTWARE\DelFin -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\DelFin\PromulGate -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DelFin Media Viewer -> Spyware.Delfin : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
    HKU\S-1-5-21-2000478354-1682526488-1957994488-1002\Software\DelFin -> Spyware.Delfin : Cleaned with backup
    HKU\S-1-5-21-2000478354-1682526488-1957994488-1002\Software\DelFin\PromulGate -> Spyware.Delfin : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\6yxmbinl.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\Cache\EE2576BEd01 -> Spyware.BookedSpace : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Clickagents : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla\Profiles\default\rpqjcya1.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
    C:\Program Files\Common Files\Sony Shared\Visualizer\ExlGen.dll -> Dialer.Generic : Cleaned with backup
    C:\Program Files\MediaLoads\notify\notify.exe -> Spyware.ClipGenie : Cleaned with backup
    C:\Program Files\MediaLoads\v1\ML.exe -> Spyware.DownloadWare : Cleaned with backup
    C:\Program Files\Mozilla Firefox\plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
    C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll -> Spyware.NavExcel : Cleaned with backup
    C:\Program Files\NavExcel\NavHelper\v2.0.4\NHUninstaller.exe -> Adware.NavExcel : Cleaned with backup
    C:\Program Files\NavExcel\NavHelper\v2.0.4\NHUpdater.exe -> Spyware.NavExcel : Cleaned with backup
    C:\Program Files\NavExcel\NavHelper\v2.0.4\v2.0.4.cab/NHUninstaller.exe -> Adware.NavExcel : Error during cleaning
    C:\Program Files\NavExcel\NavHelper\v2.0.4\v2.0.4.cab/NHelper.dll -> Spyware.NavExcel : Error during cleaning
    C:\Program Files\NavExcel\NavHelper\v2.0.4\v2.0.4.cab/NHUpdater.exe -> Spyware.NavExcel : Error during cleaning
    C:\Program Files\Netscape\Netscape 6\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
    C:\WINNT\NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINNT\NDNuninstall5_48.exe -> Adware.NewDotNet : Cleaned with backup
    C:\WINNT\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINNT\system32\chktrust.exe -> Spyware.BargainBuddy : Cleaned with backup

Edited by mike_2000_17: Fixed formatting

0

Looks good. Your HTJ log is clean now, and ewido apppears to have done its job as well.

Does everything seem to be functioning properly now?

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.